Malware Attack Prompts European Commission to Disable Remote Access

Only days before a summit to discuss the crisis in Libya, multiple sources are reporting that the European Commission has disabled remote email access in what the EC considers to be an, “ongoing [and] widespread cyber attack” against its servers.

eWeek reports that an email warning of the attack was sent to all employees of the European Commission and its foreign ministry European External Action Service (EEAS). EUObserver obtained a copy of the internal document, which reads, “We have found evidence that both the commission and EEAS are the subject of an ongoing widespread cyber attack.”

The massive malware-driven attack that was discovered on March 22 appears to have directly targeted the two agencies. Upon discovery of the attack, the EC moved quickly to disable remote access to its email and intranet services and has asked its employees to change their passwords.

“The Commission and External Advisory Service are subject to a serious cyber attack,” Antony Gravili, the spokesman for the inter-institutional relations and administration commissioner, told BBC News. In attempt to head-off the inevitable speculation that the timing of this attack is somehow linked to the March 24 summit in Brussels convened to discuss the war in Libya, European debt and nuclear power, Gravili stated that there was no evidence suggesting the two are connected. “I have no information at all linking the attack to the summit, we don’t only suffer attacks at these times,” Gravili said.

One European Commission source stated that the commission was, “often hit by cyber attacks, but this is a big one.”

Gravili stated that he didn’t know how long the attack had been going on or what type of malware was used in the attack. He also declined to comment on whether the malware had been delivered by email or some other means, or whether any information had been compromised. The EC’s security team, the Security Directorate, is investigating the breach and will be focusing on how to avoid such attacks in the future.

Somewhat surprisingly, Gravili dismissed the breach as being the result of random malware and not necessarily on a deliberate and coordinated effort to steal documents. Perhaps that means the EC is aware of something that they’re not sharing, but it seems that the use of malware is a perfect means for cyber terrorists to attack.

While details on the EU malware assault are still sketchy, BBC reports that its sources are comparing this attack to the recent assault on France’s Ministry of Finance in December, when the French ministry encountered a cyber attack that specifically targeted information on the G20 summit held in Paris in February. In that attack, more than 150 of the ministry’s 170,000 computers were infected, and it appeared to be a professional and well-coordinated effort that Patrick Pailloux, director general of the French National Agency for IT Security, characterized as, “pure espionage … one of the most important attacks, if not the most important, ever to target the public administration.”

EUObserver is reporting that there may be a common link between the attacks. In the December assault on France’s finance ministry, French officials suggested that some of the affected traffic was redirected to China, while an unnamed EU official has stated that China is a possible suspect in the March 22 attack on the EC and EEAS. To make matters even more interesting, earlier this month on March 4, several South Korean websites, including the Presidential Office, the Ministry of National Defense, the National Assembly and the Ministry of Foreign Affairs and Trade were attacked by cyber criminals. In that attack, a botnet of about 50,000 infected zombie computers assaulted more than thirty South Korean agencies with a denial of service attack, reminiscent of a 2009 cyber assault on South Korea that was traced to a Chinese IP address used by the North Korean Ministry of Post and Telecommunications.

“We are not speculating on the origin,” Gravili said, referring to the March 22 cyber attack on the EC and EEAS. “We are already taking urgent measures to tackle this. An inquiry’s been launched. This isn’t unusual as the commission is frequently targeted.”

Gravili’s dismissal of the attack as a random case of malware rather than a coordinated effort is an attempt, perhaps, to downplay what is becoming a series of cyber assaults, so common that they now appear in the news every couple of weeks. Whether these attacks are originating from professional groups with deliberate motives, or whether they are the result of nuisance malware from multiple random sources remains to be seen. Regardless of the source or the reason, it appears that the gloves are off and that anyone could be a target of this growing epidemic.